Operation Manual - QoS/ACL
Quidway S5000 Series Ethernet Switches Chapter 1 ACL Configuration
Table 1-4 Define advanced ACL

Operation: Enter advanced ACL view (from system view)
Command: acl { number acl-number | name acl-name advanced } [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from advanced ACL view)
Command: rule [ rule-id ] { permit | deny } protocol [ source source-addr wildcard | any ] [ destination dest-addr wildcard | any ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ] [ [ precedence precedence | tos tos ]* | dscp dscp ] [ fragment ] [ time-range name ]

Operation: Delete a sub-item from the ACL (from advanced ACL view)
Command: undo rule rule-id [ source ] [ destination ] [ source-port ] [ destination-port ] [ icmp-type ] [ precedence ] [ tos ] [ dscp ] [ fragment ] [ time-range ]

Operation: Delete one ACL or all ACLs (from system view)
Command: undo acl { number acl-number | name acl-name | all }
Advanced ACLs are identified by numbers in the range 3000 to 3999.
Note that port1 and port2 in the above command specify the TCP or UDP ports used by higher-layer applications. For some common port numbers you can use a mnemonic as a shortcut; for example, "bgp" represents TCP port 179 used by BGP.
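The following configuration sequence is an added example and is not taken from the manual. It uses the rule syntax from Table 1-4 to build an advanced ACL that restricts access to a switch management address: only the management subnet may open SSH sessions, only one peer may open BGP (using the "bgp" mnemonic), replies of already established TCP sessions and ICMP echo requests from the management subnet are allowed, and everything else addressed to the management address is denied. All addresses and rule numbers are constructed for illustration, the "eq" operator is assumed to be one of the values accepted for operator, and the prompts shown are illustrative of the system view and advanced ACL view rather than copied from a device.

```text
# Added example: advanced ACL 3001 protecting management address 10.1.2.1
# (constructed values). match-order config keeps the rules in configured order,
# so the final deny is evaluated last.
[Quidway] acl number 3001 match-order config
# SSH from the management subnet 10.1.1.0/24 only (wildcard 0.0.0.255)
[Quidway-acl-adv-3001] rule 0 permit tcp source 10.1.1.0 0.0.0.255 destination 10.1.2.1 0.0.0.0 destination-port eq 22
# BGP (mnemonic "bgp" = TCP 179) from the single peer 10.1.2.2
[Quidway-acl-adv-3001] rule 1 permit tcp source 10.1.2.2 0.0.0.0 destination 10.1.2.1 0.0.0.0 destination-port eq bgp
# Return traffic of TCP sessions the switch itself opened
[Quidway-acl-adv-3001] rule 2 permit tcp established
# ICMP echo request (type 8, code 0) from the management subnet for reachability checks
[Quidway-acl-adv-3001] rule 3 permit icmp source 10.1.1.0 0.0.0.255 destination 10.1.2.1 0.0.0.0 icmp-type 8 0
# Anything else addressed to the management address is dropped
[Quidway-acl-adv-3001] rule 4 deny ip destination 10.1.2.1 0.0.0.0
[Quidway-acl-adv-3001] quit
# Removing only the destination-port condition of rule 0, and later the whole ACL:
[Quidway-acl-adv-3001] undo rule 0 destination-port
[Quidway] undo acl number 3001
```

The wildcard is written alongside each address exactly as the syntax requires (0.0.0.0 for a single host, 0.0.0.255 for a /24). The closing deny rule is what turns the list into an allow-list; with match-order config its position after the permit rules is what makes the earlier permits effective.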
III. Define Layer-2 ACL
Layer-2 ACL rules are defined on the basis of Layer-2 information such as source MAC address, source VLAN ID, Layer-2 protocol type, the Layer-2 ports receiving and forwarding the packet, and destination MAC address, and are used to process data packets.
You can use the following commands to define a numbered Layer-2 ACL.
Perform the following configuration in the corresponding view.
Table 1-5 Define Layer-2 ACL

Operation: Enter Layer-2 ACL view (from system view)
Command: acl { number acl-number | name acl-name link } [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from Layer-2 ACL view)
Command: rule [ rule-id ] { permit | deny } [ protocol ] [ cos vlan-pri ] [ ingress { { source-vlan-id | source-mac-addr source-mac-wildcard }* | any } ] [ egress { dest-mac-addr dest-mac-wildcard | any } ] [ time-range name ]

Operation: Delete a sub-item from the ACL (from Layer-2 ACL view)
Command: undo rule rule-id

Operation: Delete one ACL or all ACLs (from system view)
Command: undo acl { number acl-number | name acl-name | all }
Layer-2 ACLs are identified by numbers in the range 4000 to 4999.
The interface in the above command specifies a Layer-2 interface, such as an Ethernet port of the switch.
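As an added example (not from the manual), the sequence below uses the Table 1-5 syntax to build a Layer-2 ACL for a server VLAN: frames from VLAN 10 are accepted only when they come from a known server MAC address, any other frame from that VLAN aimed at the gateway MAC is denied, and remaining traffic is permitted. The VLAN ID and MAC addresses are constructed, the MAC wildcard is assumed to work like the IP wildcard in Table 1-4 (zero bits must match, so 0000-0000-0000 means an exact match), and the prompts are illustrative of the system view and Layer-2 ACL view rather than device output.

```text
# Added example: Layer-2 ACL 4001 for server VLAN 10 (constructed values)
[Quidway] acl number 4001 match-order config
# Frames from VLAN 10 sourced by the known server MAC may go anywhere
[Quidway-acl-link-4001] rule 0 permit ingress 10 00e0-fc01-0001 0000-0000-0000 egress any
# Any other frame from VLAN 10 addressed to the gateway MAC is dropped
[Quidway-acl-link-4001] rule 1 deny ingress 10 egress 00e0-fc01-00ff 0000-0000-0000
# Everything else is permitted
[Quidway-acl-link-4001] rule 2 permit ingress any egress any
[Quidway-acl-link-4001] quit
# A Layer-2 sub-item can only be removed whole (no per-field undo):
[Quidway-acl-link-4001] undo rule 1
```

Because ingress accepts a VLAN ID and a MAC/wildcard pair together (the `*` in the syntax), rule 0 binds the permitted source address to its VLAN; a frame carrying that MAC but arriving from another VLAN does not match it and falls through to the later rules.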